Response to the Office Action of March 12, 2020 
Serial No. 10/733,326 



REMARKS 

Claims 1-4, 6-16, 18-26 and 28-34 are pending in the present application. 
Claims 5, 17 and 27 have been cancelled byway of a previous amendment. 

The Examiner has rejected claims 1, 13 and 23 under 35 U.S.C. § 112, 
first paragraph, as failing to comply with the written description requirement. The 
Examiner contends that the claims contain subject matter which was not described in 
the specification in such a way as to reasonably convey to one skilled in the relevant art 
that the inventor, at the time the application was filed, had possession of the claimed 
invention. In particular, the Examiner indicates that there does not appear to be 
disclosure for the claim limitation "transmitting a redirect message to said browser, 
thereby redirecting said request to the second server". The specification discloses 
redirecting a request to another server. 

The Examiner indicates that "There is no disclosure that the initial request 
is a redirect request". The Applicant replies that there is no necessity that "the initial 
request is a redirect request". 

The Examiner indicates that "The system determines that the initial 
message must be redirected to another server." The Applicant agrees. 

The Examiner indicates that "There is no disclosure that the initial 

message is initially a redirect message." The Applicant replies that there is no necessity 
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that "the initial message is initially a redirect message." 

The Examiner's attention is directed to the Internet Engineering Task 
Force Request For Comments (RFC) 2068 (available at 

http://www.ietf.org/rfc/rfc2068.txt and dated January 1997), which document defines 
"Hypertext Transfer Protocol -- HTTP/1.1". RFC 2068 defines, in section 10.3, 
redirection of a request. Notably, redirecting a request, as defined in RFC 2068, always 
requires "transmitting a redirect message to said browser, thereby redirecting said 
request to the second server". 

The Applicant submits that, through the use of the term "redirect" in the 
context of web farms and serving content, it would be reasonably conveyed to one 
skilled in the relevant art that the inventor, at the time the application was filed, had 
possession of the claimed invention, including "transmitting a redirect message to said 
browser, thereby redirecting said request to the second server". Accordingly, the 
Applicant respectfully requests that the Examiner withdraw the rejection, under 35 
U.S.C. § 112, first paragraph, of claims 1, 13 and 23. 

The Examiner has rejected claims 1-4, 6, 9-16, 18, 21-26, 28 and 31-34 
under 35 U.S.C. § 103(a) as being unpatentable over US Patent Application Publication 
No. 2003/00051 18 to Williams (hereinafter "Williams") in view of US Patent Application 
Publication No. 2004/0210771 to Wood et al. (hereinafter "Wood") in further view of US 
Patent Application Publication No. 2002/0124074 to Levy et al. (hereinafter "Levy"). 
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The Office Action was issued following the United States Supreme Court's 
decision in the case of KSR Int'l Co. v. Teleflex Inc. , 550 U.S. 398 (2007). In light of the 
KSR decision, Applicant wishes to address various issues pertaining to a proper 
analysis under section 103. 

The Examiner, by citing three and four references and asserting a reason 
for combining elements from the three and four references, has elected to base the 
rejection of the pending claims upon a teaching, suggestion or motivation to select and 
combine features from the cited references. Applicant wishes to point out that the 
Supreme Court's KSR decision did not reject use of a "teaching, suggestion or 
motivation" analysis as part of an obviousness analysis, characterizing the analysis as 
"a helpful insight." KSR slip op. at 14-15. 

When the Examiner chooses to base a rejection upon a teaching, 
suggestion or motivation analysis, the Examiner must satisfy the requirements of such 
an analysis. In particular, the Examiner must demonstrate with evidence and reasoned 
argument that there was a teaching, suggestion or motivation to select and combine 
features from the cited references, e.g., In re Lee , 61 USPQ2d 1430, 1433 (Fed. Cir. 
2002). Moreover, the prior art must suggest the desirability of the combination, not 
merely the feasibility, see In re Fulton , 73 USPQ2d 1 141 , 1 145 (Fed. Cir. 2004). 

In the event that the cited references fail to disclose or suggest all of the 
elements recited in the claims, then combining elements from the references would not 
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yield the claimed subject matter, regardless of the extent of any teaching, suggestion or 
motivation. 

Although the Supreme Court did not reject use of a "teaching, suggestion 
or motivation" analysis, the Supreme Court did say that it was not the only possible 
analysis of an obviousness question. Because of the Examiner's chosen ground for 
rejection, however, the only pending ground for rejection must be a "teaching, 
suggestion or motivation" analysis. In the event that the Examiner chooses to consider 
a different avenue for rejection, this would be a new ground for rejection not due to any 
action by Applicant. Applicant has a right to be heard on any new ground for rejection. 

Applicant further respectfully reminds the Examiner that, even after KSR , 
the following legal principles are still valid, having been endorsed by the Supreme Court 
or having been unaffected by its decision: (1) the USPTO still has the burden of proof 
on the issue of obviousness; (2) the USPTO must base its decision upon evidence, and 
it must support its decision with articulated reasoning (slip op. at 14); (3) merely 
demonstrating that all elements of the claimed invention exist in the prior art is not 
sufficient to support a determination of obviousness (slip op. at 14-15); (4) hindsight has 
no place in an obviousness analysis (slip op. at 17); and (5) Applicant is entitled to a 
careful, thorough, professional examination of the claims (slip op. at 7, 23, in which the 
Supreme Court remarked that a poor examination reflected poorly upon the USPTO). 

As described in paragraph [0038] of the present application as published, 
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a first server may determine that a request, received from a browser, for a web page 
requires redirection to a second server. Accompanying the request is an encrypted 
session token. As claimed, redirection involves "transmitting a redirect message to said 
browser, thereby redirecting said request to the second server". Responsively, it is 
anticipated that the browser will send the request, and encrypted session token, to the 
second server. 

However, upon receipt of the request, the second server may not be able 
to decrypt the session token so as to obtain a session ID and a timestamp. Accordingly, 
while redirecting the request to the second server, the first server transmits the session 
ID and timestamp directly to the second server. Conveniently, when the second server 
receives the redirected request from the browser, the second server may determine, 
based on the session ID and timestamp received from the first server, that the request 
relates to a valid session. Upon determining that the request relates to a valid session, 
the second server may serve the web page requested in the request. 

Claim 1 requires "transmitting a redirect message to said browser, thereby 
redirecting said request to the second server" and "in conjunction with said transmitting, 
transmitting said session ID and said timestamp directly to the second server". 

The Examiner correctly notes that Williams discloses redirecting a 
received request. However, it important to note, further, that Williams redirects "If a 
request from a client to a protected server does not include a single-use domain token" 
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(see paragraph [0067]). The Examiner admits that Williams does not specifically 
disclose including the transmission of said token to the second server in a redirect 
request. It should be clear that Williams does not disclose such transmission because 
Williams only redirects a request when no token is received . 

The Examiner then cites Wood to show transmission of a session token 
with a redirect response. The Applicant notes that both the redirect response and the 
session token are transmitted to the same destination, namely "browser 170". Explicit in 
claim 1 is that the redirect message is transmitted to a destination distinct from the 
destination to which the session ID and the timestamp are transmitted. 

Wood shows that the session token transmitted with the redirect (5) 
response is a new session token (see paragraph [0051]), not a session token received 
with a request from a browser and decrypted to obtain a session ID and a timestamp, 
as required by claim 1. 

The Examiner admits that Williams-Wood does not specifically disclose, in 
the Examiner's words, "the transfer of a session ID parameter and a time and date 
(timestamp) parameter between two network connected systems (servers)". 

The Examiner then cites Levy to illustrate that the transfer of a session ID 
parameter and a time and date (timestamp) parameter between two network connected 
systems has been disclosed. The Applicant agrees that Levy discloses the creation of a 
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hit_data record including the current value of session_id and the date and time, and the 
transmission of a LOG message to the registration server, where the LOG message 
includes the contents of the hit_data record. The Applicant notes that the entity 
performing the creation of the hit_data record and the transmission LOG message is a 
client (1, FIG. 1) executing a browser (5, FIG. 1) and not, as required by claim 1, a first 
server that is the recipient of a request for a web page that is present at a second 
server. 

Since neither Williams, nor Wood, nor Levy, nor a combination of 
Williams, Wood and Levy disclose or suggest "transmitting a redirect message to said 
browser, thereby redirecting said request to the second server" and "in conjunction with 
said transmitting, transmitting said session ID and said timestamp directly to the second 
server" as required by claim 1, the Applicant submits that claim 1 may not be properly 
rejected under 35 U.S.C. § 103(a) as being unpatentable over Williams in view of Wood 
in further view of Levy. The Applicant respectfully requests that the Examiner withdraw 
the rejection of claim 1, and claims 2-4, 6 and 9-12 dependent, either directly or 
indirectly, thereon, as obvious over Williams in view of Wood in further view of Levy. 

Claim 23 is directed to a computer program product having a computer- 
readable medium tangibly embodying computer executable instructions for secure 
session management according to the method of claim 1 . 

With arguments similar to those presented in defense of the non- 
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obviousness of claim 1 , the Applicant submits that neither Williams, nor Wood, nor 
Levy, nor a combination of Williams, Wood and Levy disclose or suggest a computer 
program product having a computer-readable medium tangibly embodying computer 
executable instructions for "transmitting a redirect message to said browser, thereby 
redirecting said request to the second server" and "in conjunction with said transmitting, 
transmitting said session ID and said timestamp directly to the second server", as 
required by claim 23. Accordingly, the Applicant submits that claim 23 may not be 
properly rejected under 35 U.S.C. § 103(a) as being unpatentable over Williams in view 
of Wood in further view of Levy. The Applicant respectfully requests that the Examiner 
withdraw the rejection of claim 23, and claims 24-26, 28 and 31-34 dependent, either 
directly or indirectly, thereon, as obvious over Williams in view of Wood in further view 
of Levy. 

Claim 13 is directed to a system for secure session management. The 
system of claim 13 includes a first server including a first request handler and a second 
server including the requested web page. Claim 13 requires that the first request 
handler be "adapted to transmit a redirect message to said browser, thereby redirecting 
the request to said second server, and transmit the session ID and said timestamp 
directly to said second server". In Williams, "If a request from a client to a protected 
server does not include a single-use domain token, the protected server can redirect 
the client to the CDC to perform a login process" (paragraph [0067]). In Wood, "A 
session token is passed to browser 170 in conjunction with the redirect (5) to login 
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component 120." Notably, neither Williams nor Wood are adapted to redirect a request 
to a second server, where the second server includes the requested web page. The 
Williams redirect is to a Cookie Distribution Center 202. The Wood redirect is to login 
component 120. The Examiner cites Levy to illustrate that the transfer of a session ID 
parameter and a time and date (timestamp) parameter between two network connected 
systems has been disclosed. As discussed above in relation to the rejection of claim 1 , 
the Applicant notes that the network connected system arranging transfer of a session 
ID parameter and a time and date (timestamp) parameter to another network connected 
system is a client (1, FIG. 1) executing a browser (5, FIG. 1) and not, as required by 
claim 13, a first server that is the recipient of a request for a web page that is present at 
a second server. 

The Applicant submits that neither Williams, nor Wood, nor Levy nor a 
combination of Williams, Wood and Levy suggest or disclose a first request handler 
adapted to "transmit a redirect message to said browser, thereby redirecting the request 
to said second server; and transmit the session ID and said timestamp directly to said 
second server", as required by claim 13. Accordingly, the Applicant submits that the 
system of claim 13 may not be properly rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Williams in view of Wood in further view of Levy. The Applicant 
respectfully requests that the Examiner withdraw the rejection of claim 13, and claims 
14-16, 18 and 21 dependent, either directly or indirectly, thereon, as obvious over 
Williams in view of Wood in further view of Levy. 
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The Examiner has rejected claims 7 and 8 under 35 U.S.C. § 103(a) as 
being unpatentable over Williams in view of Wood in further view of Levy in further view 
of US Patent No. 5,907,621 to Bachman et al. (hereinafter "Bachman"). Claims 7 and 8 
depend directly and indirectly, respectively, from claim 1 and add limitations. The 
Examiner contends that the combination of Williams, Wood and Levy discloses most of 
the subject matter of claims 7 and 8 and cites Bachman to illustrate that the additional 
limitations added by claims 7 and 8 were known at the time the claimed inventions were 
made. Without regard to whether Bachman discloses the limitations added by claims 7 
and 8, the Applicant submits that Bachman does not suggest or disclose those 
elements of the method of claim 1 that, as discussed above, have not been suggested 
or disclosed by Williams, Wood and Levy. Accordingly, the Applicant respectfully 
requests that the Examiner withdraw the rejection of claims 7 and 8 as obvious over 
Williams in view of Wood in further view of Levy in further view of Bachman. 

The Examiner has rejected claims 19 and 20 under 35 U.S.C. § 103(a) as 
being unpatentable over Williams in view of Wood in further view of Levy in further view 
of Bachman. Claims 19 and 20 depend indirectly from claim 13 and add limitations. The 
Examiner contends that the combination of Williams, Wood and Levy discloses most of 
the subject matter of claims 19 and 20 and cites Bachman to illustrate that the 
additional limitations added by claims 19 and 20 were known at the time the claimed 
inventions were made. Without regard to whether Bachman discloses the limitations 
added by claims 19 and 20, the Applicant submits that Bachman does not suggest or 
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disclose a first request handler adapted to "transmit a redirect message to said browser, 
thereby redirecting the request to said second server; and transmit the session ID and 
said timestamp directly to said second server", as required by claim 13. 

Since it is submitted that neither Williams, nor Wood, nor Levy, nor 
Bachman, nor a combination of Williams, Wood, Levy and Bachman suggest or 
disclose a first request handler adapted to "transmit a redirect message to said browser, 
thereby redirecting the request to said second server; and transmit the session ID and 
said timestamp directly to said second server", it is further submitted that the system of 
claims 19 and 20 may not be properly rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Williams in view of Wood in further view of Levy in further view of 
Bachman. It is respectfully requested that the Examiner withdraw the rejection of claims 
19 and 20 as obvious. 

The Examiner has rejected claims 29 and 30 under 35 U.S.C. § 103(a) as 
being unpatentable over Williams in view of Wood in further view of Levy in further view 
of Bachman. Claims 29 and 30 depend indirectly from claim 23 and add limitations. The 
Examiner contends that Williams, Wood and Levy disclose most of the subject matter 
of claims 29 and 30 and cites Bachman to illustrate that the additional limitations added 
by claims 29 and 30 were known at the time the claimed inventions were made. Without 
regard to whether Bachman discloses the limitations added by claims 29 and 30, the 
Applicant submits that Bachman does not disclose or suggest a computer program 
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product having a computer-readable medium tangibly embodying computer executable 
instructions for "transmitting a redirect message to said browser, thereby redirecting 
said request to the second server" and "in conjunction with said transmitting, 
transmitting said session ID and said timestamp directly to the second server", as 
required by claim 23. Accordingly, the Applicant submits that claims 29 and 30 may not 
be properly rejected under 35 U.S.C. § 103(a) as being unpatentable over Williams in 
view of Wood in further view of Levy in further view of Bachman. The Applicant 
respectfully requests that the Examiner withdraw the rejection of claims 29 and 30 as 
obvious. 

Favorable reconsideration and allowance of this application are 
respectfully requested. 

Respectfully Submitted, 
Avaya Inc. 

By: /Colin Climie/ 

Colin C. Climie, Registration. No. 56,036 

Place: Toronto, Ontario, Canada 
Date: August 12, 2010 
Tele No.: 416-868-1482 
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